3 matches found
Prototype Pollution
Overview dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values, which may result ...
Prototype Pollution
Overview org.webjars.npm:dagre-d3-es is a a href="https://www.npmjs.com/dagre- Affected versions of this package are vulnerable to Prototype Pollution via the addConflict function in the bk module. An attacker can modify the JavaScript Object prototype chain by injecting malicious input values,...
dagre-d3-es 安全漏洞
dagre-d3-es is a js library by Teebo Personal Developers. A security vulnerability exists in dagre-d3-es versions prior to 7.0.11, which stems from the addConflict function of the bk module not properly cleaning up user input, which could lead to a prototype contamination attack...